Introduction to Information Security and Privacy Minitrack

N/

Security, Privacy, Confidentiality and Integrity of Emerging Healthcare Technologies: A Framework for Quality of Life Technologies to be HIPAA/HITECH Compliant, with Emphasis on Health Kiosk Design

This dissertation research focused on the following: 1. Determined possible vulnerabilities that exist in multi-user kiosks and the computer systems that make up multi-user kiosk systems. 2. Developed an evaluation system and audit checklist for multi-user kiosk systems adapted from the Office for Civil Rights (OCR) audit protocols to address the vulnerabilities identified from our research. 3. Improved the design of a multi-user health kiosk to meet the HIPAA/HITECH standards by incorporating P&S policies. 4. Explored the feasibility and preliminary efficacy of an intervention to explore the magnitude of differences in users’ perceived risk of privacy and security (P&S) breaches as well as correlation between perceived risk and their intention to use a multi-user health kiosk. A gap analysis demonstrated that we successfully incorporated 81% of our P&S polices into the current design of our kiosk that is undergoing pilot testing. This is higher than our initial target of 50%. Repeated measures ANOVA was performed to analyze baseline and six-month follow-up of 36 study participants to measure the magnitude of the change in their “perceived risk”. Results from the ANOVA found significant group-by-time interaction (Time*Group) F (2, 33) = .27, P=.77, ηp2=.02, significant time interaction F (1, 33) = 4.73, P=.04, ηp2=.13, and no significant group interaction F (2, 33) =1.27, P=.30 ηp2=.07. The study intervention was able to significantly reduce users’ “perceived risk with time (baseline and six-month follow-up), even though the magnitude of the change was small. We were however, unable to perform the correlation analysis as intended since all the kiosk participants used in the analysis intended to use the kiosk both at baseline and at six-month follow-up. These findings will help in direct research into methods to reduce “perceived risk” as well as using education and communication to affect human behavior to reduce risky behavior on both internal and external use of new health IT applications and technologies. It could then serve as framework to drive policy in P&S of health applications, technologies and health IT systems